I am trying to provide limited access on a Nexus 7k using ACS 5.4 via TACACS. I used the following in my shell profile:
REQUIREMENT: mandatory (even tried optional)
Everything seems to work, but I cannot ping/traceroute and receive this error from the Nexus 7k:
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)
Could you share the AAA configuration on the Nexus?
aaa authentication login default group CORP_ACS
aaa authentication login console local
aaa authorization commands default group CORP_ACS local
aaa accounting default group CORP_ACS
aaa authentication login error-enable
aaa group server tacacs+ CORP_ACS
    server x.x.x.x
    server x.x.x.x
    use-vrf management
You should not have command authorization when you use RBAC.
Kindly remove: aaa authorization commands default group CORP_ACS local
and check again.